T-Mobile & AT&T breaches: Dataprise Defense Digest

Two of the biggest wireless carriers in the US have been breached, resulting in millions of records of customer information being stolen and sold on the dark web. On August 16th, T-Mobile was hacked, and malicious actors got away with anywhere from 50 to 100 million records containing personal information like phone numbers, addresses, SSN’s, potential billing information, etc.

Allegedly, late this week, AT&T was also victim of a similar breach, exposing around 70 million records – at the time of this publication, AT&T had not confirmed this.

IMPACT

While these breaches may not directly impact an organization, the personal data obtained can be leveraged as a very effective social engineering tool. Malicious actors could use the data to easily impersonate someone (sending a text with your name/phone number) and to authenticate themselves by providing accurate personal information. Besides the latent threat of identity theft, the repercussions of how this data could be misused could be disastrous on both a personal and a corporate level.

 

continue reading »